[
https://issues.apache.org/jira/browse/OOZIE-2897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16033534#comment-16033534
]
Rohini Palaniswamy commented on OOZIE-2897:
-------------------------------------------
You need exactly this -
https://github.com/apache/hadoop/blob/3721cfe1fbd98c5b6aa46aefdfcf62276c28c4a4/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-jobclient/src/main/java/org/apache/hadoop/mapred/YARNRunner.java#L502-L507
on the application submission side.
Checking for acls.enabled and the acls is done in the AM webservices and UI
calls in mapreduce. We will have to do that with Oozie AM as well.
> LauncherAM should support ACLs
> ------------------------------
>
> Key: OOZIE-2897
> URL: https://issues.apache.org/jira/browse/OOZIE-2897
> Project: Oozie
> Issue Type: Sub-task
> Reporter: Peter Bacsko
>
> In MapReduce, you can define ACL-related properties:
> {noformat}
> mapreduce.job.acl-view-job
> mapreduce.job.acl-modify-job
> {noformat}
> {{acl-view-job}} defines a list of users/groups who can retrieve the job
> statistics. {{acl-modify-job}} defines a list of users/groups who can kill a
> job or adjust the priority of it.
> Docs:
> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
> In YARN, we can provide backward compatibility for these properties. Example
> code:
> {code}
> Map<ApplicationAccessType, String> acls = new HashMap<ApplicationAccessType,
> String>();
> acls.put(ApplicationAccessType.MODIFY_APP, "*");
> acls.put(ApplicationAccessType.VIEW_APP, "*");
> amContainer.setApplicationACLs(acls);
> {code}
> This has to be done before application submission. We have to open
> {{mapred-site.xml}} and check if {{mapred.acls.enabled}} is true. If so, then
> read the values of view-job/modify-job and configure the launcher context as
> described above.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
